[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] PAM and CobaltOS 5.0

Subject: Re: [cobalt-security] PAM and CobaltOS 5.0
From: Jeff Lovell <jlovell@xxxxxxxxxx>
Date: Mon, 24 Jul 2000 15:32:42 -0700
Organization: Cobalt Networks, Inc.

Gossi The Dog wrote:
> 
> However, PAM is still ownable.  Cobalt missed it and didn't issue a patch
> by the looks of it (nothing on cobalt.com).  Since PAM itself is still
> vun, it's probably possible to exploit it (just not through userhelper).

PAM is vulnerable through bad coding.  At present time there are no
other known programs shipped on Cobalt boxes that exploit this problem 
in PAM.  If there is a reproducible exploit with PAM version shipping 
on our RaQs it will not likely be updated.

Jeff

-- 
Jeff Lovell
Cobalt Networks, Inc.

Follow-Ups:
- Re: [cobalt-security] PAM and CobaltOS 5.0
  - From: Jeff Lovell

References:
- [cobalt-security] PAM and CobaltOS 5.0
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] Cobalt Security Advisory - 07.25.2000 - Qpopper (Version 2)
Next by Date: Re: [cobalt-security] PAM and CobaltOS 5.0
Previous by thread: RE: [cobalt-security] PAM and CobaltOS 5.0
Next by thread: Re: [cobalt-security] PAM and CobaltOS 5.0

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index